CNES / pepsal


Newest Ubuntu support #3

Open quentinbaradat opened 10 months ago

quentinbaradat commented 10 months ago

According to the Readme.md file, PEPsal is supported for Ubuntu 14.04 & 16.04.

However, while trying to use it on an Ubuntu 22.04, I faced an error related to the use of the TPROXY iptables feature.

iptables -A PREROUTING -t mangle -p tcp -i eth0 -j TPROXY --on-port 5000 --tproxy-mark 1

It seems that as of this version "iptables-legacy" has migrated to "iptables netfilter". And the TPROXY feature version doesn't work properly using iptables netfilter.

The only solution I found is to use the iptables-legacy bin:

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

Kniyl commented 10 months ago

Hi,

Using the $ sudo iptables -A PREROUTING -t mangle -p tcp -i eth0 -j TPROXY --on-port 5000 --tproxy-mark 1 command produced no errors on an Ubuntu 22.04 VM and reading back the mangle table showed the rule being properly applied:

$ sudo iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
TPROXY     tcp  --  anywhere             anywhere             TPROXY redirect 0.0.0.0:5000 mark 0x1/0xffffffff

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        

What error are you trying to bypass by using iptables-legacy?
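
A diagnostic for the situation discussed in this thread, added here as an example (it is not from either commenter or from the PEPsal project): it reports which backend each installed iptables binary uses and whether the TPROXY rule is visible through it. The function names, the `SAMPLE_RULES` text and the port argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch: which iptables backend is in use, and is the
# TPROXY rule from this thread visible through it?

# Classify the backend from the text printed by `iptables --version`,
# which ends in "(nf_tables)" or "(legacy)" on iptables 1.8 and later.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;   # older builds print no suffix
    esac
}

# Read `iptables -t mangle -S` output on stdin; succeed if a PREROUTING
# TPROXY rule redirects to the given port.
has_tproxy_rule() {
    grep -Eq -- "^-A PREROUTING .*-j TPROXY .*--on-port $1( |\$)"
}

# Check every installed backend binary: a rule added through one backend
# is not listed by the other, so both views are needed.
report() {
    port="$1"
    for bin in iptables iptables-legacy iptables-nft; do
        command -v "$bin" >/dev/null 2>&1 || continue
        backend=$(iptables_backend "$("$bin" --version 2>/dev/null)")
        if "$bin" -t mangle -S 2>/dev/null | has_tproxy_rule "$port"; then
            echo "$bin ($backend): TPROXY rule on port $port present"
        else
            echo "$bin ($backend): no TPROXY rule on port $port"
        fi
    done
}

# Constructed sample of `iptables -t mangle -S` output, for offline use.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -j TPROXY --on-port 5000 --on-ip 0.0.0.0 --tproxy-mark 0x1/0xffffffff'

# Live report only when run as root with a port argument, e.g. `sh check.sh 5000`.
if [ "$(id -u)" = 0 ] && [ -n "${1:-}" ]; then report "$1"; fi
```

If the rule shows up under one binary but not the other, the rule set was written through a different backend than the one currently selected by `update-alternatives`.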